diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..4331226612314603a01da86c35eb7430c6bb0394
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+/pkg/
+*.pyc
+database/atuned.db
diff --git a/common/utils/utils.go b/common/utils/utils.go
index 46734fe7028bae3c19842b4a0c3fa09353ee25ac..c9307050a2af69dc824503d39b0c44b35131e653 100644
--- a/common/utils/utils.go
+++ b/common/utils/utils.go
@@ -25,6 +25,7 @@ import (
 "path"
 "path/filepath"
 "plugin"
+ "regexp"
 "strconv"
 "strings"
 "syscall"
@@ -278,3 +279,13 @@ func DiskByName(disk string) error {
 return fmt.Errorf("disk %s is not exist", disk)
 }
+
+// common input string validator
+func IsInputStringValid(input string) bool {
+ if input != "" {
+ if isOk, _ := regexp.MatchString("^[a-zA-Z0-9/.-_]*$", input); isOk {
+ return isOk
+ }
+ }
+ return false
+}
diff --git a/modules/server/profile/profile.go b/modules/server/profile/profile.go
index 5f5736711525f9e13e75e3bfd59efd14567f7f02..58f38eff8a3a6ba9df71e0fc4c591184d77cd5f3 100644
--- a/modules/server/profile/profile.go
+++ b/modules/server/profile/profile.go
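Review bot: The character class in `IsInputStringValid` (common/utils/utils.go) accepts more than it appears to: inside the brackets `.-_` is parsed as a range from `.` to `_`, so `:`, `;`, `<`, `=`, `>`, `?`, `@`, `[`, `\`, `]` and `^` all pass, while a literal `-` is rejected. This function is the gate for request fields that presumably reach the collection script, so the hyphen should go last where it is literal: `regexp.MatchString("^[a-zA-Z0-9/._-]*$", input)`. The pattern is constant, so it could also be compiled once at package level with `regexp.MustCompile` rather than on every call, which removes the discarded error as well.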
@@ -691,6 +691,26 @@ func (s *ProfileServer) ProfileRollback(profileInfo *PB.ProfileInfo, stream PB.P
 Collection method call collection script to collect system data.
 */
 func (s *ProfileServer) Collection(message *PB.CollectFlag, stream PB.ProfileMgr_CollectionServer) error {
+ if valid := utils.IsInputStringValid(message.GetWorkload()); !valid {
+ return fmt.Errorf("input:%s is invalid", message.GetWorkload())
+ }
+
+ if valid := utils.IsInputStringValid(message.GetOutputPath()); !valid {
+ return fmt.Errorf("input:%s is invalid", message.GetOutputPath())
+ }
+
+ if valid := utils.IsInputStringValid(message.GetType()); !valid {
+ return fmt.Errorf("input:%s is invalid", message.GetType())
+ }
+
+ if valid := utils.IsInputStringValid(message.GetBlock()); !valid {
+ return fmt.Errorf("input:%s is invalid", message.GetBlock())
+ }
+
+ if valid := utils.IsInputStringValid(message.GetNetwork()); !valid {
+ return fmt.Errorf("input:%s is invalid", message.GetNetwork())
+ }
+
 classApps := &sqlstore.GetClassApp{Class: message.GetType()}
 err := sqlstore.GetClassApps(classApps)
 if err != nil {
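Review bot: The check on `message.GetOutputPath()` in `Collection` only restricts the character set, and that set includes `/` and `.`, so absolute paths and `../` sequences still pass. How the path is used lies outside this hunk, but if collection output is written there it should also be normalised with `filepath.Clean` and confined to an allowed base directory. The rejected value is echoed back with `%s` and the message does not say which field failed; `%q` keeps control characters out of logs and client output, e.g. `return fmt.Errorf("output path %q is invalid", message.GetOutputPath())`. `IsInputStringValid` returns false for an empty string, so all five fields become mandatory here; confirm that is intended for `Block` and `Network`. The body of `Collection` continues past the end of the hunk.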